28 matches found

EUVD
added 2026/06/08 12:30 a.m. · 9 views

EUVD-2026-34995

A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.java of the component User List Endpoint. The manipulation of the argument salt leads to informatio...

3.1 CVSS · 4.9 AI score · 0.0022 EPSS
Exploits 0 · References 8

CVE
added 2026/06/07 10:30 p.m. · 25 views

CVE-2026-11464

JeecgBoot v3.9.2 and earlier are affected by CVE-2026-11464. The vulnerability is in the User List Endpoint, specifically the function queryPageList in SysUserController.java. Manipulating the salt argument leads to information disclosure. The issue can be triggered remotely and is described as h...

3.1 CVSS · 4.9 AI score · 0.0022 EPSS
Exploits 0 · References 7

EUVD
added 2025/12/28 6:31 a.m. · 6 views

EUVD-2025-205494

A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageList of the file /sys/sysDepartRole/list. The manipulation of the argument deptId results in improper authorization. The attack can be executed remotely. A high complexity level is associated with this...

3.1 CVSS · 6.1 AI score · 0.00237 EPSS
Exploits 1 · References 5

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2022-5833

Malicious code in bioql PyPI...

5.4 CVSS · 5.9 AI score · 0.01105 EPSS
Exploits 3 · References 4

Cvelist
added 2025/09/29 10:56 p.m. · 11 views

CVE-2025-59948 FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to ...

6.7 CVSS · 0.00307 EPSS
Exploits 1 · References 3

Vulnrichment
added 2025/09/29 10:56 p.m. · 3 views

CVE-2025-59948 FreshRSS is vulnerable to XSS due to lack of CSP on HTML query page

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below do not sanitize certain event handler attributes in feed content, so by finding a page that renders feed entries without CSP, it is possible to execute an XSS payload. The Allow API access authentication setting needs to ...

6.7 CVSS · 6.4 AI score · 0.00307 EPSS
Exploits 1 · References 3

CVE
added 2025/09/29 10:56 p.m. · 15 views

CVE-2025-59948

FreshRSS versions 1.26.3 and earlier are vulnerable to XSS due to unsanitized event handler attributes in feed content. The attack requires that the instance has API access authentication enabled and uses the /api/query.php endpoint; successful exploitation can lead to account takeover and, if th...

6.7 CVSS · 6.4 AI score · 0.00307 EPSS
Exploits 1 · References 3 · Affected Software 1

RedhatCVE
added 2025/05/23 4:58 a.m. · 7 views

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1 CVSS · 5.8 AI score · 0.0037 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2024/08/27 6:15 p.m. · 3 views

CVE-2022-39996

Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page...

4.8 CVSS · 6.2 AI score · 0.00328 EPSS
Exploits 2 · References 4

Positive Technologies
added 2024/08/27 12:0 a.m. · 5 views

PT-2024-11620 · Teldats · Teldats Router

Name of the Vulnerable Software and Affected Versions: Teldats Router versions RS123, RS123w Description: The issue allows an attacker to execute arbitrary code via the cmdcookie parameter to the "upgrade/query.php" page. This enables the attacker to perform Cross Site Scripting attacks...

4.8 CVSS · 7 AI score · 0.00328 EPSS
Exploits 2 · References 6

CNNVD
added 2024/08/27 12:0 a.m. · 3 views

Teldat RS123 and Teldat RS123w Security Vulnerability

Teldat RS123 and Teldat RS123w are both routers from Teldat. A security vulnerability exists in Teldat RS123 and Teldat RS123w, which stems from a cross-site scripting vulnerability in the cmdcookie parameter of the upgrade/query.php page...

4.8 CVSS · 6.2 AI score · 0.00328 EPSS
Exploits 2 · References 3

OSV
added 2023/08/29 8:15 p.m. · 2 views

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1 CVSS · 5.9 AI score
Exploits 0 · References 1

ATTACKERKB
added 2023/08/29 8:15 p.m. · 4 views

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1 CVSS · 5.9 AI score · 0.0037 EPSS
Exploits 1 · References 2

NVD
added 2023/08/29 8:15 p.m. · 13 views

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1 CVSS · 5.9 AI score · 0.0037 EPSS
Exploits 1 · References 1

Prion
added 2023/08/29 8:15 p.m. · 18 views

Cross site scripting

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

5.8 CVSS · 5.9 AI score · 0.0037 EPSS
Exploits 1 · References 1 · Affected Software 1

CVE
added 2023/08/29 12:0 a.m. · 41 views

CVE-2023-39678

The CVE-2023-39678 entry describes an XSS flaw in the web interface (Log Query page) of the BDCOM OLT P3310D-2AC, firmware 10.1.0F Build 69083. Vulnerable component: the Log Query username parameter; root cause is reflected/stored XSS allowing arbitrary web script/HTML execution. Impact explicitl...

6.1 CVSS · 5.8 AI score · 0.0037 EPSS
Exploits 1 · References 1 · Affected Software 1

Cvelist
added 2023/08/29 12:0 a.m. · 16 views

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6 AI score · 0.0037 EPSS
Exploits 1 · References 1

Vulnrichment
added 2023/08/29 12:0 a.m. · 14 views

CVE-2023-39678

A cross-site scripting XSS vulnerability in the device web interface Log Query page of BDCOM OLT P3310D-2AC 10.1.0F Build 69083 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

5.8 AI score · 0.0037 EPSS
Exploits 1 · References 1

Positive Technologies
added 2023/08/29 12:0 a.m. · 4 views

PT-2023-27069 · Bdcom · Bdcom Olt P3310D-2Ac

Name of the Vulnerable Software and Affected Versions: BDCOM OLT P3310D-2AC version 10.1.0F Build 69083 Description: A cross-site scripting XSS vulnerability in the device web interface, specifically the Log Query page, allows attackers to execute arbitrary web scripts or HTML via a crafted paylo...

6.1 CVSS · 6.1 AI score · 0.0037 EPSS
Exploits 1 · References 6

ATTACKERKB
added 2023/06/01 2:15 a.m. · 1 views

CVE-2023-29154

SQL injection vulnerability exists in the CONPROSYS HMI System CHS versions prior to 3.5.3. A user who can access the affected product with an administrative privilege may execute an arbitrary SQL command via specially crafted input to the query setting page...

7.2 CVSS · 6.1 AI score · 0.44023 EPSS
Exploits 0 · References 4 · Affected Software 1